This talk is designed for people interested in the concepts of web application security but maybe have never been involved with it before or on the other side of the coin i.e. developers. Using Open Source frameworks and tools we discuss an approach to a couple of well known vulnerabilities and demonstrate how these can be fixed well (and not so well). The talk also give the audience a "take away" in the form of further exercises that can be done in order to learn more about the security side of web applications and PHP in particular.